Greece keen to keep EU cybersecurity agency

The Greek government's contact person for the EU's cybersecurity agency has welcomed a proposal to give the agency a bigger role.

"I am always saying that the next threat to European security will be through the internet, so there are huge stakes there for the EU," the secretary general for telecommunications and post, Vassilis Maglaras, told EUobserver in an interview at his office in Athens.

Mostly research

It will have some additional coordinating tasks when the new EU directive on security of network and information systems comes into force next year.

The directive is one of the reasons why the European Commission has proposed an updated mandate for Enisa, which was set up in 2004.

The cybersecurity agency is the only EU agency with a fixed term - renewed three times, currently until June 2020 - while the tasks given to it through the directive have no end date.

In the legislative proposal, which will need to be approved by member states and the EU parliament, the commission is somewhat critical of Enisa's track record.

"Enisa managed to make an impact, at least to some extent, in the vast field of network and information security, but it has not fully succeeded in developing a strong brand name and gaining sufficient visibility to become recognised as 'the' centre of expertise in Europe," the commission said in its proposal.

It said the reason for this was that the agency's "broad mandate" was not met with "proportionally sufficient resources". The commission proposed doubling the budget for staff from 2020 onwards.

Two offices

However, it also criticised the "location split between Athens and Heraklion", which has "generated further administrative costs".

After Enisa was set up in 2004, the Greek government decided that its seat should be based in Heraklion, on the island of Crete. According to Maglaras, the idea behind that decision was so it could be close to a Greek technology institute.

"Now with a bigger role and a bigger mandate, it should be in a more populated area, in Athens. And we will fix that … later, when the mandate is changed," he said, only to add minutes later that there "is no problem with having a few persons there", in Heraklion.

Maglaras noted that if Enisa wanted to keep the office in Heraklion open, that was also possible.

"If it's the best position to do its job for Greece and for the European citizens to be in Athens, it's okay to be in Athens," he said.

"There is no problem. It's very minor. It's not a big deal for us," he said.

The official added that the Greek government could not unilaterally decide on closing the Heraklion office, but that it had a "legal obligation" until 2020 to keep an office on the Greek island.

Maglaras seemed to refer to the 2013 regulation, the most recent legal text to set out Enisa's legal status.

That text said that staff "engaged in the administration" of the agency "should be based in Heraklion". However, that sentence is from the preamble, and the European Court of Justice ruled in 1997 that preambles have "no binding legal force".

Enisa's press office only wanted to provide a written comment, saying that the agency "has two offices and that will be situation for the current mandate".

In its legislative proposal published on Wednesday, the EU commission did not directly say that the Heraklion office should be closed, but noted the agency should "be based in an appropriate location".

Computer virus

One of Enisa's objectives will be to increase awareness of the need for "cyber hygiene" - making sure employees are not vulnerable to cyber threats.

Vassilis Maglaras himself admitted he recently learned he needed more cyber hygiene.

"Six months ago I lost all my professional data from my computer because I had a virus," he said.

"I clicked on a wrong link. … I lost files, I lost studies, I lost personal information. I lost everything. That was very painful."

He noted that the ministry had "a lot of layers of security", but that "after ten hours of working", he dropped his guard.

Now, Maglaras said he makes more backups of his files, and whenever he doesn't trust an e-mail, he passes it on to a secretary to open it on a separate computer.

"I have learned this time, but there is another risk coming next week, and another next week."

Opinion

Cybersecurity is a core element of Europe's strategy to become a global leader in digital technologies and a secure place for its citizens, write EU commissioner Jyrki Katainen and expert Jarno Limnell.